POS malware found at 160 Applebee's restaurant locations

'Hacking good in the neighborhood'

Customer financial data may have been exposed at more than 160 Applebee’s locations across the U.S. Restaurant owner RMH Franchise Holdings, which has locations all over the United States, claims that it recently discovered malware on the point of sale (POS) terminals in its restaurants.

According to a report released by RMH, the malware may have exposed customer data to hackers. Information that could be at risk includes names, credit card numbers, expiration dates, and CVV (card verification value) numbers. So basically all the data needed to make fraudulent transactions over the phone or internet.

Locations were hit with the malware at varying times between November 2017 and January 2018.

“Upon learning of a potential incident, RMH promptly launched an investigation and obtained the help of leading cyber security forensics firms,” the company said. “Based on the experts’ investigation, RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebee’s restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations.”

It is important to note that RMH has POS systems that are outside of the Applebee’s corporate network. Therefore only RMH franchises were affected.

The company claims that the threat has been contained and that only guests that paid at hostess stations or with their server were affected. Those that used self-pay tabletop devices or online were not exposed.

RMH has put up a list of locations on their website that will show the time window that each restaurant was at risk. They urge patrons to check this list to determine if they had a visit during the affected times and to take steps to protect themselves including notifying their bank of any fraudulent charges.